The right of Californians to know what personal information is being collected about them.

The right of Californians to know whether their personal information is sold or disclosed and to whom.

The right of Californians to say “no” to the sale of their personal information.

The right of Californians to access their personal information.

The right of Californians to equal service and price from companies, even if they exercise these rights to privacy.

Do these sound familiar? They should.

The European Union’s new privacy law, the General Data Privacy Regulation, or GDPR, went into effect on May 25 of this year and enacted some very important provisions for consumer privacy, meaning people’s right to know how their personal information is being used by companies.

The California ruling resonates in a similar fashion as the GDPR but has a long way to go to be as meaningful, real or provide the same level of transparency.

What it doesn’t provide for is enforcement. As of right now, it is unclear what companies who violate these rights will face. In contrast, the GDPR puts its money where its mouth is, literally, through enforcement. Companies caught out of compliance may be slapped with fines up to 4% of their annual revenue (ouch) and requires that each EU member state has a dedicated enforcement officer. The California law doesn’t come anywhere even close to this. Yet.

That’s okay, there’s time. The new rules won’t take effect until the start of 2020. In the meantime, the attorney general’s office is developing a plan for how to enforce the law.

For now, it’s a triumph, an important step. For those of us in the U.S. concerned with our privacy and security, it’s a good step towards better advocacy for everyone. Whether we care about it or not, we are all the ones who power big, online business with all of our personal information.